Cybersecurity Guide

PhD in Cybersecurity: Programs, Requirements, and Career Outcomes

Last updated:

Written by Cybersecurity Guide Contributors

Collaborative Cybersecurity Guide byline for regularly updated content reviewed and maintained by multiple contributors.

In this guide

A PhD in cybersecurity is the credential behind CISOs, senior government advisors, and emerging AI security researchers — and in 2026, it’s increasingly pursued by mid-career professionals, not just academics.

Doctoral graduates in this field average $172,000 annually, and the roles that typically require a doctorate — CISO, principal researcher, tenured faculty — are among the highest-compensated positions in tech.

The degree takes 4–5 years and costs between $49,968 and $150,280, depending on the program — but many PhD students are fully funded. This guide is built from Cybersecurity Guide’s original analysis of 12 accredited programs and covers program options, admission requirements, costs, funding, and what careers the degree actually unlocks.

QUICK ANSWER

A PhD in cybersecurity typically takes 4–5 years and requires around 71 credits, with total costs ranging from $49,968 to $150,280 depending on the program (out-of-state rates). Many programs offer full funding through teaching or research assistantships.

Graduates earn an average of $172,000 annually and qualify for senior roles — including CISO, principal researcher, and tenured professor — that typically require a doctorate.

Who Should Get a PhD in Cybersecurity?

A PhD in cybersecurity is the right move for professionals targeting research leadership, senior government roles, executive security positions, or academic careers — not for those who want to advance as practitioners. The credential unlocks a specific tier of roles where the degree is expected, not just preferred.

Doctoral graduates average $172,000 annually — a meaningful premium over master’s-level peers — and the top-tier roles this degree enables (CISO, research director, federal agency leadership) typically require it. For a full picture of career paths available at all degree levels, see our cybersecurity career paths guide.

Career Paths for Cybersecurity PhD Graduates

A doctoral degree opens a distinct tier of cybersecurity roles that master’s graduates rarely access directly. Common career outcomes include:

  • Chief Information Security Officer (CISO): Average compensation of $312,833; most Fortune 500 and government agency CISO roles prefer or require doctoral-level credentials
  • Principal security researcher: Research director roles at companies like Google, Microsoft, MITRE, and the RAND Corporation, typically $140,000–$200,000+
  • Federal agency leadership: Senior roles at NSA, CISA, DHS, and DoD, often at GS-15 or Senior Executive Service levels ($150,000–$200,000+), where doctoral credentials and security clearances align
  • Tenured faculty: Cybersecurity professor roles at research universities, with average salaries of $114,792 and ranges of $94,500–$179,500
  • Think tank and policy analyst: Senior positions at organizations like the Council on Foreign Relations, Brookings, and CSIS, where doctoral credentials signal policy and research credibility
  • Senior security consultant: Independent or firm-based consulting to enterprise and government clients, where the doctorate commands premium billing rates

PhD vs. Master’s: What Does the Doctorate Actually Add?

A master’s in cybersecurity is a practitioner credential — it builds applied technical depth and opens mid-senior individual contributor roles. A PhD is a research and leadership credential.

The distinction matters most for three career paths: academic roles (which almost universally require a doctorate), federal government senior leadership (where doctoral credentials align with clearance levels and policy authority), and executive roles like CISO (where the degree signals research depth and strategic credibility). If your target roles don’t fall into one of these three categories, a master’s is likely the better return on time and money.

Salary premium in context: the BLS median for information security analysts is $124,910 (May 2024). Doctoral holders in cybersecurity average $172,000 — a gap of roughly $47,000 annually, against an additional 3–4 years of program time and six-figure tuition (before funding). The financial case depends almost entirely on the specific roles you’re targeting.

PhD, DSc, and DPS: Understanding the Doctoral Degree Types

Not all cybersecurity doctorates are the same. Three distinct degree types exist, and choosing the wrong one for your goals can cost years:

  • PhD (Doctor of Philosophy): Theory-driven and research-oriented. The standard credential for academic faculty positions and basic research roles. Requires an original dissertation contributing new knowledge to the field. Most commonly awarded at traditional research universities.
  • DSc (Doctor of Science): Emphasizes technical research expertise over philosophical theory. More common in applied research contexts. Some programs offer it as an alternative to the PhD for candidates with significant prior research output.
  • DPS (Doctor of Professional Studies): Designed for senior practitioners who want to formalize extensive field experience at the doctoral level. Focuses on applied, hands-on expertise rather than original research. Better suited to experienced cybersecurity executives than to early-career researchers.

Best Cybersecurity PhD Programs for 2026

  1. Marymount University

    Arlington, Virginia
    Program: D.Sc. in Cybersecurity
    CAE designation: CAE-CD
    Tuition: $49,968
    Delivery Method: Online & campus
    2025/2026 Cost per credit: $1,388
    Credits: 36
    GRE: Not Required
    Learn more: Program details

  2. Northeastern University

    Boston, Massachusetts
    Program: Ph.D. in Cybersecurity
    CAE designation: CAE-R
    Tuition: $90,000
    Delivery Method: Campus
    2025/2026 Cost per credit: $1,875
    Credits: 48
    GRE: Not Required
    Learn more: Program details

  3. Augusta University

    Augusta, Georgia
    Program: PhD in Computer and Cyber Sciences
    CAE designation: CAE-CD, CAE-CO
    Tuition: $60,336
    Delivery Method: Campus
    2025/2026 Cost per credit: $236 in-state | $838 out-of-state
    Credits: 72
    GRE: Not Required
    Learn more: Program details

  4. New Jersey City University

    Jersey City, New Jersey
    Program: Doctor of Science in Civil Security - Leadership, Management and Policy (CSLMP)
    CAE designation: CAE-CD
    Tuition: $62,075
    Delivery Method: Campus
    2025/2026 Cost per credit: $1,293
    Credits: 48
    GRE: Not Required
    Learn more: Program details

  5. Nova Southeastern University

    Fort Lauderdale, Florida
    Program: Ph.D. in Cybersecurity Management
    CAE designation: CAE-CD
    Tuition: $73,542
    Delivery Method: Online & campus
    2025/2026 Cost per credit: $1,442
    Credits: 51
    GRE: Not Required
    Learn more: Program details

  6. University of Tulsa

    Tulsa, Oklahoma
    Program: Cyber Studies, Ph.D.
    CAE designation: CAE-CD, CAE-R
    Tuition: $111,456
    Delivery Method: Online & campus
    2025/2026 Cost per credit: $1,548
    Credits: 72
    GRE: Not required
    Learn more: Program details

  7. University of Colorado Colorado Springs

    Colorado Springs, Colorado
    Program: Cybersecurity, PhD
    CAE designation: CAE-CD, CAE-R
    Tuition: $125,100
    Delivery Method: Campus
    2025/2026 Cost per credit: $1,414 in-state | $2,085 out-of-state
    Credits: 60
    GRE: Required
    Learn more: Program details

  8. University of Central Florida

    Orlando, Florida
    Program: Security Studies (PhD)
    CAE designation: CAE-CD, CAE-R
    Tuition: $71,456
    Delivery Method: Campus
    2025/2026 Cost per credit: $370 in-state | $1,276 out-of-state
    Credits: 56
    GRE: Not required
    Learn more: Program details

  9. Sam Houston State University

    Huntsville, Texas
    Program: Ph.D. in Digital and Cyber Forensic Science
    CAE designation: CAE-CD
    Tuition: $84,867
    Delivery Method: Campus
    2025/2026 Cost per credit: $741.85 in-state | $1,146.85 out-of-state
    Credits: 74
    GRE: Required
    Learn more: Program details

  10. University of Idaho

    Moscow, Idaho
    Program: Cybersecurity Ph.D.
    CAE designation: CAE-CD
    Tuition: $131,586
    Delivery Method: Campus
    2025/2026 Cost per credit: $618 in-state | $1,687 out-of-state
    Credits: 78
    GRE: Not required
    Learn more: Program details

These rankings were compiled from data accessed in January 2026 from the Integrated Post-Secondary Education Data System (IPEDS) and College Navigator (both services of the National Center for Education Statistics). Tuition data was pulled from individual university websites and is current as of January 2026.

2025 Rankings

  1. NOVA SOUTHEASTERN UNIVERSITY
  2. NORTHEASTERN UNIVERSITY
  3. AUGUSTA UNIVERSITY

2024 Rankings

  1. GEORGIA INSTITUTE OF TECHNOLOGY
  2. NORTHEASTERN UNIVERSITY
  3. MARYMOUNT UNIVERSITY

PhD in Cybersecurity Admission Requirements

Most cybersecurity PhD programs require a master’s degree in a relevant field (computer science, information security, or engineering), a minimum GPA around 3.5, and demonstrated research experience or professional accomplishment. The application is competitive — programs admit small cohorts, and research fit with faculty advisors matters as much as academic credentials.

Academic Prerequisites

A master’s degree is the standard entry point for doctoral programs. Some programs will admit exceptional bachelor’s applicants directly into a combined BS/PhD or accelerated track, but this is the exception rather than the rule. Competitive GPA benchmarks:

  • Minimum GPA: 3.0 (most programs); competitive applicants typically present 3.5 or higher
  • Strong performance in quantitative coursework: two semesters of calculus, discrete mathematics, statistics, and probability are common prerequisites
  • Prior graduate coursework or research experience in cybersecurity, computer science, or information systems signals readiness for doctoral-level work

GRE and Test Requirements

GRE requirements vary significantly across programs and have changed rapidly. Many doctoral programs — particularly online and professional doctorate tracks — have moved away from GRE requirements as of 2025–2026, placing more weight on research experience, professional accomplishments, and academic GPA.

Confirm current requirements directly with each program before applying — do not assume GRE is required or waived based on older guidance.

Experience and Application Materials

Doctoral admissions weigh research potential heavily. The application checklist below is standard, but the statement of intent and letters of reference are the materials that most differentiate competitive candidates:

  • Transcripts: All undergraduate and graduate transcripts required
  • Statement of intent: Not a cover letter — a specific articulation of your research interests, the faculty members you want to work with, and why your background prepares you for doctoral-level research in that area. Vague statements are a leading reason for rejection at top programs.
  • Letters of reference: Three letters, ideally from faculty who can speak to your research capacity — not just professional supervisors. Academic references who have observed your analytical work carry significantly more weight.
  • CV or resume: Emphasize research outputs — publications, conference presentations, thesis work, open-source contributions, or security competition results
  • Research portfolio: A single published paper, master’s thesis, or significant technical project can meaningfully differentiate an application. Programs are admitting a research collaborator, not just a student.
  • Application fee + online application

For professional doctorate (DPS) programs targeting senior practitioners, programs may also expect 10–15 years of field experience as a substitute for academic research credentials. Check individual program requirements carefully.

How Long Does a PhD in Cybersecurity Take?

A full-time cybersecurity PhD typically takes 4–5 years from enrollment to degree conferral. Part-time and online programs, designed for working professionals, typically run 6–8 years.

The average credit requirement is 71 credits — nearly double the 36 credits required for a master’s degree — not counting research and teaching responsibilities that run concurrently with coursework.

Program Phases and Timeline

The doctoral program unfolds in four distinct phases, each with its own milestone:

  1. Coursework phase (years 1–2): Core seminars, research methods, statistics, and cybersecurity theory. Typically 30–45 credits. Students also begin identifying dissertation topics and potential faculty advisors.
  2. Qualifying exam (end of year 2): A comprehensive written and/or oral exam testing mastery of the field’s core knowledge areas. Passing is required to advance to doctoral candidacy. Some programs combine this with a written research proposal.
  3. Preliminary exam/dissertation proposal (year 3): The candidate presents a formal research proposal to their dissertation committee and receives approval to begin original research. This marks the transition from coursework to research.
  4. Dissertation research and final defense (years 3–5): Original research conducted under faculty advisors, culminating in a written dissertation and public oral defense. The committee must approve the dissertation before the degree is conferred.

Full-Time vs. Part-Time Options

Many programs — particularly online and hybrid formats — allow working professionals to pursue the PhD part-time, extending the timeline to 6–8 years with a study commitment of approximately 15–20 hours per week.

Part-time programs are structurally sound for practitioners who cannot step away from careers but want to earn doctoral credentials over a longer horizon. For programs specifically designed for online or part-time enrollment, see our guide to online cybersecurity PhD programs.

How Much Does a Cybersecurity PhD Cost?

A cybersecurity PhD costs between $49,968 and $150,280 in total tuition — but many students pay significantly less, or nothing at all, through funding programs. The figures below are based on out-of-state tuition rates from 12 accredited programs analyzed by Cybersecurity Guide.

Tuition Breakdown

  • Most affordable program: $49,968 at Marymount University (out-of-state)
  • Average across 12 programs: $88,396 (out-of-state)
  • Most expensive: $150,280 at New Mexico Tech (out-of-state)
  • Average credit hours: 71 credits (ranging from 60–75 hours depending on the program)

In-state tuition for public universities will be substantially lower than the out-of-state figures above. For a comparison of the most cost-effective doctoral options, see our most affordable cybersecurity PhD programs guide.

Cybersecurity Guide analyzed tuition changes between the 2024–25 and 2025–26 academic years. On average, tuition increased by 16.22%, with the largest single-year increase reaching 118.81%. While in-state tuition remained mostly stable, out-of-state tuition showed more significant year-over-year variation.

How PhD Programs Are Funded

The most important thing most doctoral guides omit: many cybersecurity PhD programs are fully funded. Full funding typically means a tuition waiver plus a living stipend in exchange for teaching or research responsibilities within the department.

Students who secure funding pay effectively nothing in tuition and receive an annual living stipend — typically $18,000–$30,000 depending on the institution and the cost of living.

Primary funding mechanisms:

  • Teaching assistantships (TA): Students teach or assist in undergraduate courses in exchange for a tuition waiver and stipend. Common at research universities with large undergraduate programs.
  • Research assistantships (RA): Students work on a faculty member’s funded research project in exchange for tuition and stipend support. Availability depends on whether the faculty advisor has active grant funding.
  • NSF Graduate Research Fellowship Program (GRFP): The NSF GRFP provides three years of support including a $37,000 annual stipend and $16,000 cost-of-education allowance to outstanding graduate students in science, technology, engineering, and mathematics fields, including cybersecurity.

CyberCorps: Scholarship for Service (SFS): Administered by the National Science Foundation in partnership with DHS, CyberCorps provides PhD students with a $37,000 annual stipend plus tuition and a $6,000 professional development allowance (for conference attendance and related costs) for up to three years.

In exchange, graduates commit to working in a federal government cybersecurity role for a period equal to the length of scholarship support. Awards are available at CAE-designated institutions — verify current award amounts directly before applying.

For a full overview of cybersecurity scholarships at all degree levels, see our cybersecurity scholarships and funding options guide.

Cybersecurity PhD Career Outcomes and Salary

Cybersecurity doctoral graduates earn an average of $172,000 annually — substantially above the BLS median of $124,910 for information security analysts (May 2024). The premium reflects the degree’s alignment with research leadership, executive, and faculty roles that sit above the practitioner track.

Salary by Role

  • Chief Information Security Officer (CISO): Average $312,833; typically requires or strongly prefers a doctoral credential plus 15+ years of experience
  • Research director / principal researcher: $140,000–$200,000+ at corporate, government, and think tank research organizations
  • Federal government GS-15 / SES positions: $150,000–$200,000+ at NSA, CISA, DoD, and intelligence agencies; doctoral credentials and security clearances frequently required
  • Cybersecurity faculty (tenured): Average $114,792, ranging from $94,500 at smaller institutions to $179,500 at top research universities
  • Information security analyst (doctoral level): BLS median $124,910; doctoral holders in this role category typically earn $140,000–$180,000+ with specialization

Industries and Sectors That Hire PhD Graduates

The doctoral credential is valued across sectors where cybersecurity intersects with high stakes — regulated data, national security, and complex system defense:

  • Defense and intelligence: DoD, NSA, CISA, CIA, and defense contractors (Booz Allen Hamilton, MITRE, Leidos) employ doctoral researchers for advanced threat analysis and cryptographic research
  • Technology companies: Google, Microsoft, Amazon, Apple, and Meta employ doctoral researchers in security teams where research output and publication records matter
  • Academia: Tenure-track faculty roles at R1 universities and liberal arts colleges; the doctorate is required for all tenure-track positions
  • Finance and critical infrastructure: Senior security executive and research roles at banks, payment networks, utilities, and healthcare organizations
  • Policy and think tanks: Nonprofit research organizations, government advisory bodies, and international institutions evaluating cybersecurity policy at a systemic level

For more on cybersecurity career paths at all levels, see our cybersecurity career paths guide.

Preparing for a Cybersecurity PhD Program

PhD programs are selecting research collaborators, not just students. The strongest applications combine academic credentials with evidence of research capacity — and that evidence takes time to build. Start early.

Build a Research Profile Before You Apply

Research experience is the single most differentiating factor in doctoral admissions, and it’s the area most prospective students underestimate. Concrete steps that meaningfully strengthen a PhD application:

  • Co-author a paper with a current faculty member, even as a junior contributor — a published or conference-accepted paper sets an application apart from the majority of candidates
  • Contribute to open-source security research projects on GitHub — version-controlled, publicly visible technical work demonstrates initiative and capability
  • Present at student or regional academic conferences — even a poster presentation signals familiarity with academic research culture
  • Complete and document a significant master’s thesis or capstone project — programs will read this; it is your primary writing sample for research purposes

Professional Organizations and Networks

The Center for Internet Security (CIS) is a nonprofit dedicated to training cybersecurity professionals and fostering collaboration. CIS publishes newsletters, threat analysis, and maintains active working groups where doctoral students can engage with practitioners and researchers.

The SANS Institute offers certification programs, professional education, and ongoing forums for cybersecurity professionals. SANS research publications and community involvement are recognized by PhD admissions committees as indicators of serious professional engagement.

LinkedIn and academic platforms like ResearchGate and Google Scholar are worth establishing early — building a visible professional and academic profile before applying demonstrates genuine engagement with the field. Follow faculty at programs you’re targeting; read their recent work and cite it intelligently in your statement of intent.

Cybersecurity Competitions and Hands-On Experience

The US Cyber Challenge — a series of competitions and hackathon-style events hosted by the Department of Homeland Security and the Center for Internet Security — is one of the most credible competition pathways for doctoral candidates. The National Cyber League and CSAW (Cyber Security Awareness Worldwide) competitions are also recognized at the graduate level. Competition results demonstrate applied problem-solving capacity and create professional connections with faculty and industry professionals who serve as judges and mentors.

Internships and Research Fellowships

Research internships — not just professional internships — are particularly valuable for doctoral candidates. NSA, CISA, MITRE, and DoD research labs offer summer research programs for graduate students that provide both research experience and institutional relationships that benefit later job searches. If a summer research program is available at a program you’re targeting, apply for it before or during the application cycle — it signals interest and creates a direct relationship with faculty.

What to Expect Inside a Cybersecurity PhD Program

Core Curriculum

Core curriculum varies significantly by program and institution, but most cybersecurity doctoral programs share a foundation of:

  • Security theory and foundations: Threat modeling, cryptographic theory, formal verification, and the mathematical underpinnings of security protocols
  • Network and systems security: Advanced network defense, intrusion detection, secure operating systems, and hardware security
  • Cybersecurity policy and law: Legal frameworks, international cyber law, regulatory compliance, and the policy structures governing state and non-state cyber operations
  • Research methods and statistics: Quantitative and qualitative research design, statistical analysis, and technical writing — the methodological core of doctoral work
  • Specialized seminars: Courses in digital forensics, cryptography, AI/ML security, industrial control system security, or cybersecurity management — varying by program focus and faculty expertise

CAE-designated programs follow NSA/DHS curriculum standards, which provide a baseline guarantee of coverage across core security domains. For more on CAE designation and how to identify designated programs, see our CAE resource page.

Qualifying and Preliminary Exams

All PhD candidates sit for a series of exams that serve as formal checkpoints:

  • Qualifying exam: Typically taken in the winter or spring of the second year. A comprehensive written and/or oral examination covering the program’s core knowledge areas. Passing advances the student to doctoral candidacy — a critical transition.
  • Preliminary exam: Taken after the qualifying exam and before formal dissertation work begins. The candidate presents a research proposal to their committee, demonstrating readiness to undertake original doctoral research. Committee approval is required to proceed.
  • Final defense: The doctoral candidate presents and defends completed dissertation research before the committee and the public. A successful defense is the final academic requirement for the degree.

The Dissertation

The dissertation is the capstone of the doctoral program — a formal paper presenting original research findings conducted under the guidance of a faculty advisor committee. The research must make a genuine contribution to the field’s knowledge base, not merely review existing work.

Example cybersecurity dissertation research areas include:

  • Policies and best practices around password security and credential management
  • Defending against the rise of automated bots and adversarial AI in attack campaigns
  • Encryption policy, end-to-end encryption, and the law enforcement access debate
  • Corporate liability and legal responsibility for employee and customer data security
  • Internet advertising, behavioral tracking, and privacy rights
  • Social engineering attack vectors and defense — the new frontier of human-layer exploitation
  • Operational security (OpSec) strategy and policy for government and enterprise
  • Critical infrastructure and industrial control system (ICS) defense
  • Cybersecurity law, enforcement mechanisms, and international attribution
  • The vulnerabilities of biometric authentication systems
  • The ethical, legal, and operational boundaries of ethical hacking
  • Digital forensics standards, chain of custody, and admissibility in criminal proceedings

Frequently Asked Questions

Is a PhD in cybersecurity worth it?

For the right person, yes — and the data makes the ROI case clearly. Cybersecurity doctoral graduates earn an average of $172,000 annually, compared to the BLS median of $124,910 for information security analysts (May 2024). The degree is specifically required for roles like tenured faculty, principal researcher, and many federal senior leadership positions — not just preferred.

The honest counterpoint: the PhD takes 4–5 years and costs $49,968–$150,280 in tuition (before funding). If your target roles don’t require a doctorate, the time and cost may not be justified. But for those targeting CISO, academic research, or government senior leadership, it’s the clearest credential available. For more on cybersecurity career paths by degree level, see our cybersecurity career paths guide.

PhD in cybersecurity vs. master’s — what’s the difference in career outcomes?

A master’s in cybersecurity is a practitioner credential that opens mid-to-senior individual contributor roles. A PhD is a research and leadership credential that unlocks a distinct tier: tenured faculty, principal researcher, C-suite executive (CISO), and federal senior leadership.

The salary gap averages $47,000 annually (master’s median vs. PhD average of $172,000) — but the more important gap is access: some roles will not consider non-doctoral candidates regardless of experience. If your target career path falls into academic research, senior government roles, or executive leadership at large organizations, the doctorate is worth evaluating seriously.

How long does a PhD in cybersecurity take?

Full-time: 4–5 years for most students, including coursework, qualifying exams, dissertation research, and defense. Part-time and online programs designed for working professionals typically run 6–8 years.

The average credit requirement is 71 credits — approximately double a master’s program — plus research and teaching responsibilities that run concurrently. The most common source of extended timelines is the dissertation phase, where research scope and advisor availability are the primary variables.

Are cybersecurity PhD programs funded?

Many are — this is a widely underappreciated fact. Research universities frequently offer full funding (tuition waiver + living stipend) to doctoral students through teaching assistantships (TA) and research assistantships (RA).

TA and RA stipends typically range from $18,000–$30,000 annually depending on institution and location. CyberCorps: Scholarship for Service provides $37,000/year in stipend support plus tuition and a $6,000 professional development allowance to PhD students who commit to post-graduation federal government service.

The NSF Graduate Research Fellowship Program provides three years of $37,000 annual stipends to outstanding graduate students in STEM fields. Funding availability varies by program and advisor — it is worth asking directly during program visits whether funding is available and what the department’s funding rate looks like for admitted students.

How many credits are required for a PhD in cybersecurity?

On average, 71 credits are required to complete a cybersecurity PhD, compared to approximately 36 credits for a master’s degree. Credit requirements range from 60 to 75 hours depending on the program, not counting research and dissertation credit hours that accumulate during the dissertation phase.

In addition to coursework, most PhD students also carry teaching or research responsibilities — these are demanding but also provide career preparation and, in many cases, stipend funding.

What is the difference between a PhD, DSc, and DPS in cybersecurity?

A PhD (Doctor of Philosophy) is research-oriented and theory-focused, best suited for academic faculty positions and basic research careers. It requires an original dissertation contributing new knowledge to the field.

A DSc (Doctor of Science) emphasizes technical research expertise and is more common in applied research contexts — it may be awarded to candidates with significant prior research output. A DPS (Doctor of Professional Studies) focuses on applied, hands-on expertise and is designed for senior practitioners who want to formalize their field experience at the doctoral level.

DPS programs typically require 10–15 years of professional experience and are better suited to executives than to early-career researchers. If you’re unsure which type fits your goals, consider which roles you’re targeting — academic and basic research roles expect a PhD; senior practitioner roles may accept a DPS.

Can I get a PhD in cybersecurity without a master’s degree?

Some programs admit exceptional bachelor’s applicants directly into a doctoral program — typically through a combined BS/PhD or accelerated track — but most require a master’s degree in computer science, information security, engineering, or a related field.

Applicants without a master’s should expect additional coursework requirements, a longer overall program timeline, and a more competitive application threshold. Direct-entry doctoral programs are more common at programs with strong funded research pipelines where faculty advisors are actively recruiting talented undergraduates.

Do cybersecurity PhD programs require the GRE?

Requirements vary widely across programs and have changed significantly in 2025–2026. Many programs — particularly online and professional doctorate tracks — have moved away from GRE requirements, placing more weight on research experience, professional accomplishments, prior publications, and academic GPA.

Some traditional research PhD programs retain GRE requirements, especially for international applicants. Always confirm current requirements directly with each program before applying — do not rely on outdated program guides or general advice for a decision this significant.

Can you get a cybersecurity PhD online?

Yes — a growing number of accredited programs offer cybersecurity doctorates in online or hybrid formats, designed specifically for working professionals who cannot relocate or study full-time. Online PhD programs typically take 6–8 years part-time with a commitment of 15–20 hours per week.

The reputation and career outcomes of online doctoral programs vary more than at the master’s level — research the program’s faculty, publication output, and alumni placement before enrolling. See our full guide to online cybersecurity PhD programs for program-specific information.

What GPA do you need for a cybersecurity PhD program?

Most cybersecurity doctoral programs set a minimum GPA threshold of 3.0 for consideration, with competitive programs typically expecting 3.5 or higher from admitted students. The GPA benchmark is a filter, not the whole picture — programs also weight research experience, the quality of the statement of intent, the strength of recommendation letters, and fit with faculty research interests.

An applicant with a 3.3 GPA and a published paper may be more competitive than one with a 3.8 GPA and no research experience. If your GPA is below 3.5, focus on building research credibility and getting strong academic references.

List of Cybersecurity PhD Programs

A cybersecurity PhD is a 4–5 year, six-figure investment that pays back through access to roles — CISO, principal researcher, tenured faculty, federal senior leadership — that are largely unavailable without the credential. Doctoral graduates average $172,000 annually.

The tuition range from our analysis is $49,968 to $150,280, and many programs offer full funding. Your target career path should drive the decision: if those roles require a doctorate, the case is strong. If they don’t, a master’s will serve you better.

If you’ve decided a doctorate is the right path, the next step is finding a program that matches your research interests, schedule, and budget. Browse the full list of accredited cybersecurity PhD programs below. To compare cost-effective options specifically, see our most affordable cybersecurity PhD programs guide.

  1. Augusta University

    Augusta, Georgia
    Program: PhD in Computer and Cyber Sciences
    CAE designation: CAE-CD, CAE-CO
    Delivery method: Campus
    Total tuition: $60,336
    2025/2026 Cost per credit: $236 in-state | $838 out-of-state
    Credits: 72
    GRE: Not Required
    Learn more: Program details

  2. Marymount University

    Arlington, Virginia
    Program: D.Sc. in Cybersecurity
    CAE designation: CAE-CD
    Delivery method: Online & campus
    Total tuition: $49,968
    2025/2026 Cost per credit: $1,388
    Credits: 36
    GRE: Not Required
    Learn more: Program details

  3. New Jersey City University

    Jersey City, New Jersey
    Program: Doctor of Science in Civil Security - Leadership, Management and Policy (CSLMP)
    CAE designation: CAE-CD
    Delivery method: Campus
    Total tuition: $62,075
    2025/2026 Cost per credit: $1,293
    Credits: 48
    GRE: Not Required
    Learn more: Program details

  4. New Mexico Tech

    Socorro, New Mexico
    Program: Ph.D. in Transdisciplinary Cybersecurity
    Delivery method: Campus
    Total tuition: $150,280
    2025/2026 Cost per credit: $757 in-state | $2,210 out-of-state
    Credits: 68
    GRE: Not required
    Learn more: Program details

  5. Northeastern University

    Boston, Massachusetts
    Program: Ph.D. in Cybersecurity
    CAE designation: CAE-R
    Delivery method: Campus
    Total tuition: $90,000
    2025/2026 Cost per credit: $1,875
    Credits: 48
    GRE: Not Required
    Learn more: Program details

  6. Nova Southeastern University

    Fort Lauderdale, Florida
    Program: Ph.D. in Cybersecurity Management
    CAE designation: CAE-CD
    Delivery method: Online & campus
    Total tuition: $73,542
    2025/2026 Cost per credit: $1,442
    Credits: 51
    GRE: Not Required
    Learn more: Program details

  7. Sam Houston State University

    Huntsville, Texas
    Program: Ph.D. in Digital and Cyber Forensic Science
    CAE designation: CAE-CD
    Delivery method: Campus
    Total tuition: $84,867
    2025/2026 Cost per credit: $741.85 in-state | $1,146.85 out-of-state
    Credits: 74
    GRE: Required
    Learn more: Program details

  8. St. Thomas University

    Miami Gardens, Florida
    Program: Doctor of Business Administration in Cyber Security Management
    Delivery method: Campus
    Total tuition: $63,300
    2025/2026 Cost per credit: $1,055
    Credits: 60
    GRE: Not required
    Learn more: Program details

  9. University of Central Florida

    Orlando, Florida
    Program: Security Studies (PhD)
    CAE designation: CAE-CD, CAE-R
    Delivery method: Campus
    Total tuition: $71,456
    2025/2026 Cost per credit: $370 in-state | $1,276 out-of-state
    Credits: 56
    GRE: Not required
    Learn more: Program details

  10. University of Colorado Colorado Springs

    Colorado Springs, Colorado
    Program: Cybersecurity, PhD
    CAE designation: CAE-CD, CAE-R
    Delivery method: Campus
    Total tuition: $125,100
    2025/2026 Cost per credit: $1,414 in-state | $2,085 out-of-state
    Credits: 60
    GRE: Required
    Learn more: Program details

  11. University of Idaho

    Moscow, Idaho
    Program: Cybersecurity Ph.D.
    CAE designation: CAE-CD
    Delivery method: Campus
    Total tuition: $131,586
    2025/2026 Cost per credit: $618 in-state | $1,687 out-of-state
    Credits: 78
    GRE: Not required
    Learn more: Program details

  12. University of Tulsa

    Tulsa, Oklahoma
    Program: Cyber Studies, Ph.D.
    CAE designation: CAE-CD, CAE-R
    Delivery method: Online & campus
    Total tuition: $111,456
    2025/2026 Cost per credit: $1,548
    Credits: 72
    GRE: Not required
    Learn more: Program details